Hello there: I know it’s been a while since I posted here, and it certainly isn’t because nothing has been happening in the wonderful world of scams, spam, and hoaxes. I’ve just been too tied up with other stuff to fit in any commentary on this blog. Unfortunately, I have to prioritise work I’m paid for. However, some of that work is relevant to this blog, including one of my very favourite hobby horses, the PC tech support phone scam, where someone calls you (usually from a call centre in India) and tries to persuade you that your virus-infected PC is about to blow up, and that you need to pay them to access your PC remotely and fix it. It so happens that part of my time recently has been taken up with putting together a couple of conference papers with my friends and colleagues Steven Burn (of MalwareBytes), Martijn Grooten (of Virus Bulletin) and Craig Johnston (formerly a colleague at ESET, but now an independent researcher). Those papers will be presented in September: one at a forensics conference in the UK, and one at Virus Bulletin in Dallas, and obviously I can’t make them publicly available until after the respective conferences for which they were written.
However, there’s some other writing that you might find of interest.
- How to recognize a PC support scam is a fairly lengthy consideration of some of the social engineering devices the scammers use when they call.
- Support Scam Poll looks at an information-gathering exercise by the Internet Storm Center. Unfortunately SANS hasn’t shown much interest in exchanging information with us, but if you have any direct experience of the scam, I’d encourage you to take a look at their survey anyway. The more that people pay attention to the scam, the likelier it is that someone will manage to achieve something.
- Support Scammer Update: Misrepresenting Task Manager looks at a slightly novel twist on the misuse and misrepresentation of legitimate utilities to con victims into believing that there is something wrong with their systems. Other utilities we more commonly see misrepresented in this way include Event Viewer, ASSOC (the CLSID ploy), INF and Prefetch, none of which have much to do with security.
- And most recently, Support scams: social engineering update looks at some of the other aspects of scam calls that have been reported to us at ESET.
I’ll shortly be updating the tech support scam resources page at AVIEN to include these resources and a number of others – not all mine, of course.
David Harley CITP FBCS CISSP
Small Blue-Green World
ESET Senior Research Fellow